Alright, I have figured out the log file type. I setup the Windows server to send over the log files via syslogd. Now the files will be in a text, viewable format. That part is solved.

Now I need to work on the script. (And what a script it will be, being it will be my first true script.)

In answer to your questions:

Yes, I would like to extract the data like this one:
03/13/03 16:44:56 kernel Temporarily blocking host 212.241.116.21

03/13/03 16:44:57 firewalld103 deny in eth0 48 tcp 20 117 212.241.11 +6.21 209.126.xxx.xxx 4449 80 syn (LO-Proxied-HTTP)

Right now, deny, allow and log are current acceptions from the log. For interfaces, we have eth0 and eth1. Most packets will be coming in through eth0.(trying to at least)

Other parts of the log are basically bits and pieces of information about the packet; size, source and destination port. What I want to pull out is basically, the IP address that was attemtping access (In this case, 117.212.241.11) I get a lot of these during the day.

I was thinking that I could do a search some how looking for "Temporarily blocking Host." Then, grab that information and the IP as well. Grabbing the destination port would be nice as well. That is the very last number before the word syn.

That help?

Tarballed